Imagine that you’re sitting in Lamont Library, quietly studying. The student next to you shouts, “Hey Facebook, give me all the photos you have of that cute guy from section!” Someone in a blue Facebook jacket runs over and displays a big poster with embarrassing party photos.
All around the library, students can be heard yelling at the top of their lungs about Facebook friends, Google searches, or the latest gossip. It sounds ridiculous, but this is how public our interactions are when we use wireless networks. We’re ordinarily unaware of it because our laptops politely cover their ears when they hear private messages.

But what happens when someone decides to eavesdrop or, worse still, to actively pretend to be someone else? Firesheep is an extension to the Firefox browser that allows for exactly that. It exploits the fact that many prominent websites (including Facebook, Twitter, and Google search) don’t encrypt normal page requests. Once you’ve logged in, your browser sends a cookie to the server every time it connects so that the server knows who you are. If the connection is unencrypted, an eavesdropper can steal the cookie and pretend to be you; this is known as session hijacking.
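
The following is an added example, not part of the original article: a small Python model of the browser rule behind this exposure, which a site operator can use to audit the cookies they set. A cookie is attached to plain `http://` requests unless the server marked it `Secure`; the cookie names, values, the `SESSION_NAMES` set and the `example.test` URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed Set-Cookie headers, as a site might send them after a login.
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Path=/; HttpOnly",    # no Secure attribute
    "csrf=def456; Path=/; Secure; HttpOnly",  # restricted to HTTPS
    "theme=dark; Path=/",                     # harmless preference cookie
]
# Assumption: names of the cookies that identify the logged-in user.
SESSION_NAMES = {"session_id"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, has_secure_attribute)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value.strip(), "secure" in attrs


def build_jar(headers):
    """Store every cookie the server set, remembering its Secure flag."""
    jar = {}
    for header in headers:
        name, value, secure = parse_set_cookie(header)
        jar[name] = {"value": value, "secure": secure}
    return jar


def cookies_sent(jar, url):
    """Model the browser: Secure cookies are sent only on https:// requests."""
    is_https = urlsplit(url).scheme == "https"
    return {n: c["value"] for n, c in jar.items() if is_https or not c["secure"]}


def exposed_session_cookies(jar, url):
    """Session cookies that would cross the network unencrypted for this URL."""
    if urlsplit(url).scheme == "https":
        return []
    return sorted(n for n in cookies_sent(jar, url) if n in SESSION_NAMES)


if __name__ == "__main__":
    jar = build_jar(SAMPLE_SET_COOKIE)
    for url in ("https://example.test/home", "http://example.test/home"):
        print(url, "->", exposed_session_cookies(jar, url) or "no session cookie in cleartext")
```

Any name this reports for an `http://` URL is a cookie that needs the `Secure` attribute, on a site that serves every page over HTTPS.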